Cooperative Won't Pay Hacker Ransom

Cyberattack on Iowa Cooperative Considered Terrorism

Victoria G Myers
By  Victoria G. Myers , Progressive Farmer Senior Editor
NEW Cooperative reports indicate 40% of the nation's grain production runs through its software and the current ransomware attack could break the supply chain. (DTN/Progressive Farmer File Photo by Matthew Putney)

BIRMINGHAM, Ala. (DTN) -- NEW Cooperative has taken a stand against paying a ransom demand to hackers who launched a vicious cyberattack on the Iowa-based business.

The group that calls itself "BlackMatter" locked the computer system of the business and threatened to start publishing stolen data if a $5.9 million ransom was not paid by Sept. 25. According to sources inside the cooperative, federal agents are now on site and consider the takeover an act of terrorism.

NEW Cooperative officials reported shortly after the incident that some 40% of the nation's grain production runs through its software and the ransomware attack could break the supply chain. ZDNet, a technology news site, shared shortly after the attack that a source told its reporters BlackMatter breached employee credentials left exposed by what it called "poor password management."

BlackMatter, thought to be a Soviet-based group, said on its website it does not target critical infrastructure. When informed by NEW Cooperative that it was critical infrastructure, the group replied via social networks that it did not consider the cooperative to be critical infrastructure.

DTN reporters reached out to NEW Cooperative for details on the situation when news of the attack broke and were provided a statement, part of which said the cooperative had quickly notified law enforcement and were working with data security experts to investigate and remediate the matter. Most likely these investigators would include agents from the Cybersecurity and Information Security Agency (CISA), a standalone federal agency under the Department of Homeland Security, that describes itself as "the nation's risk advisor, working with partners to defend against today's threats and collaborating to build more secure and resilient infrastructure for the future."

NEW COOPERATIVE MEMBER SHARES CONCERNS

In an interview with DTN, Iowa farmer and livestock producer Mark Schleisman said he has been a member of NEW Cooperative for 10 years. He said he occasionally sells grain through the entity, but routinely utilizes the cooperative to buy agricultural chemicals and fertilizer. Schleisman grows popcorn seed, soybeans and field corn, and raises cattle and hogs.

Schleisman first learned NEW Cooperative had been attacked through news outlets.

"Actually, I wasn't surprised," he said. "I'm aware that these cyberattacks are becoming more common. I was surprised they targeted an agricultural cooperative in Iowa, but it's a big business."

As a member of the cooperative, Schleisman said he had received no direct communication from the business. He noted, however, that the cooperative would have critical information for all members, including social security numbers and personal information necessary for paying out dividends. While he had never signed up for direct deposit with the cooperative, Schleisman had heard some employees of the business were closing personal bank accounts.

"I trust them [NEW Cooperative] in the sense that if they thought their members were affected by this, they would let us know," Schleisman said. "But I might be too trustful. We don't hear a lot of details. As I understand it, federal agents have taken over the investigation and they aren't supposed to give us any information."

Asked if this would change his business plans with NEW Cooperative moving forward, Schleisman said right now he didn't think that would be the case.

"This does make me more reluctant to give businesses any bank account information for direct deposits or withdrawals. It makes me want to limit everything to a paper check, but that has its drawbacks too. Ultimately, I want to see businesses accept liability and provide identity protection policies in some way if they are going to do business with you. I want them to stand behind a loss, just like a credit card company does. I don't think that's too much to ask."

Editor's note: Read an earlier report on this breaking news by Chris Clayton, "Iowa Grain Cooperative Hacked" here: https://www.dtnpf.com/…

Victoria Myers can be reached at vicki.myers@dtn.com

Victoria Myers